PingCentral is an OpenID relying party for browser-based single sign-on (SSO), as well as an OAuth 2 resource server when directly accessing the admin API.
As long as an OpenID provider is able to provide the endpoints and claims required by PingCentral (most notably the user name and role), other OpenID Connect 1.0 providers, can also be used.
- Configure the Access Token Manager for PingCentral.
- Configure the OIDC policy for PingCentral.
- Configure the OAuth client for PingCentral.
This section doesn't provide all of the details of setting up access token managers, OIDC policies, or attribute contracts because these topics are complex and often specific to a customer environment.
Configuring the Access Token Manager for PingCentral
Configuring the OIDC policy for PingCentral
The OAuth client will be associated with an OIDC Policy, which could be the default policy. This policy must map an attribute into the expected claim to signify the user’s PingCentral role, which is defined in the Attribute Contract, Attribute Sources & User Lookup, and Contract Fulfillment in PingFederate.
If the default PingCentral role claim name and values need to be altered to match the OIDC policy, update the <PingCentral_install>/conf/application.properties file.
Configuring the OAuth client for PingCentral
Define a PingCentral-specific OAuth client. These steps explain how to configure PingFederate as the OpenID provider. See Configuring OAuth clients in the PingFederate Server guide for additional information.